Vulnerabilities > Mekshq > Meks Easy Photo Feed Widget
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-03 | CVE-2023-25989 | Unspecified vulnerability in Mekshq products Cross-Site Request Forgery (CSRF) vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed Widget, Meks Simple Flickr Widget, Meks Easy Ads Widget, Meks Smart Social Widget plugins leading to dismiss or the popup. | 8.8 |
| 2022-03-14 | CVE-2021-24958 | Unspecified vulnerability in Mekshq Meks Easy Photo Feed Widget The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4 does not have capability and CSRF checks in the meks_save_business_selected_account AJAX action, available to any authenticated user, and does not escape some of the settings. | 5.4 |